GRC Professional : GRC Autumn 2012
COVER STORY

Is privacy dead?

As privacy violations pile up, GRC Professional asks whether organisations can effectively manage and protect the growing volume of personal data in their care.

By Keeli Cambourne

When Vodafone’s data was breached in early 2011, we waited for the fallout. The breach, which allowed the billing and call records of four million customers to be available on a publicly accessible website protected only by a password, was shown to be the fault of the telecommunications provider due to a lack of appropriate security measures to protect personal information.

Australian Privacy Commissioner Timothy Pilgrim found that Vodafone had breached the Privacy Act 1988 by failing to take reasonable steps to protect customers’ data, but he didn’t issue any penalty, and in fact praised Vodafone for dealing with the breach promptly – and openly.

With so little consequence for such breaches, are Australia’s privacy laws really worth the paper they’re written on? And will proposed reforms to the Act remedy the situation?

How it stands

The growing volume of personal data held by organisations, coupled with the significant ramifications of a breach for both affected individuals and businesses, has cast a spotlight on privacy in recent years. In the wrong hands, personal data can be used to commit identity theft, threaten an individual’s physical safety, access financial accounts, and damage reputations or relationships.

For businesses, aside from regulatory penalties, a breach can result in loss of trust in the organisation, extortion and irreparable reputational damage.

Since 2009, the Federal Government has been reviewing recommendations from the Australian Law Reform Commission (ALRC) suggesting mandatory data-breach laws be introduced. This recommendation was one of 295 the ALRC delivered. So far, the government has responded to 197 but the Privacy Act 1988 has yet to be updated.

Dun and Bradstreet CEO Gareth Jones says the current Privacy Act does not fully cater for developing technologies in an increasingly digital age.

“The proliferation of these technologies, such as social media and data collection software, has incited questions as to whether individual privacy is being compromised and whether the current laws are sufficient as Australia moves forward,” he says.

For the financial sector, the introduction of a more comprehensive credit reporting regime could have dramatic ramifications to the way in which businesses operate, according to Jones.

“Currently we operate under a ‘negative only’ credit reporting regime, which means that only negative data such as defaults and bankruptcies get reported. The reforms will mean that positive pieces of data will also be included on a person’s credit report, such as repayment history, credit limits on accounts, and dates that accounts were opened and closed.

“The introduction of positive credit reporting